def pack_auth_db(): """Packs an entire AuthDB into a blob, signing it using app's private key. Returns: Tuple (blob, name of a key used to sign it, base64 encoded signature). """ # Grab the snapshot. state, snapshot = replication.new_auth_db_snapshot() # Serialize to binary proto message. req = replication_pb2.ReplicationPushRequest() req.revision.primary_id = app_identity.get_application_id() req.revision.auth_db_rev = state.auth_db_rev req.revision.modified_ts = utils.datetime_to_timestamp(state.modified_ts) replication.auth_db_snapshot_to_proto(snapshot, req.auth_db) req.auth_code_version = version.__version__ auth_db_blob = req.SerializeToString() # Sign it using primary's private keys. sign_blob is limited to 8KB only, so # hash the body first and sign the digest. key_name, sig = signature.sign_blob(hashlib.sha512(auth_db_blob).digest()) sig = base64.b64encode(sig) logging.debug('AuthDB blob size is %d bytes', len(auth_db_blob)) return auth_db_blob, key_name, sig
def test_works(self): PRIMARY_URL = 'https://primary' AUTH_DB_REV = 1234 # Make some non-empty snapshot, its contents is not important. auth_db = replication.auth_db_snapshot_to_proto( make_snapshot_obj(global_config=model.AuthGlobalConfig( key=model.root_key(), oauth_client_id=u'some-client-id', oauth_client_secret=u'some-client-secret', oauth_additional_client_ids=[u'id1', u'id2'], token_server_url=u'https://example.com', security_config='security config blob'))) # Store in 50-byte shards. shard_ids = replication.store_sharded_auth_db(auth_db, PRIMARY_URL, AUTH_DB_REV, 50) self.assertEqual(2, len(shard_ids)) # Verify keys look OK and the shard size is respected. for shard_id in shard_ids: self.assertEqual(len(shard_id), 16) shard = model.snapshot_shard_key(PRIMARY_URL, AUTH_DB_REV, shard_id).get() self.assertTrue(len(shard.blob) <= 50) # Verify it can be reassembled back. reassembled = replication.load_sharded_auth_db(PRIMARY_URL, AUTH_DB_REV, shard_ids) self.assertEqual(reassembled, auth_db)
def pack_auth_db(): """Packs an entire AuthDB into a blob (serialized protobuf message). Returns: Tuple (AuthReplicationState, blob). """ # Grab the snapshot. state, snapshot = replication.new_auth_db_snapshot() # Serialize to binary proto message. req = replication_pb2.ReplicationPushRequest() req.revision.primary_id = app_identity.get_application_id() req.revision.auth_db_rev = state.auth_db_rev req.revision.modified_ts = utils.datetime_to_timestamp(state.modified_ts) replication.auth_db_snapshot_to_proto(snapshot, req.auth_db) req.auth_code_version = version.__version__ auth_db_blob = req.SerializeToString() logging.debug('AuthDB blob size is %d bytes', len(auth_db_blob)) return state, auth_db_blob
def assert_serialization_works(self, snapshot): """Ensures AuthDBSnapshot == AuthDBSnapshot -> proto -> AuthDBSnapshot.""" roundtrip = replication.proto_to_auth_db_snapshot( replication.auth_db_snapshot_to_proto(snapshot)) self.assertEqual(snapshot_to_dict(snapshot), snapshot_to_dict(roundtrip))
def make_auth_db_proto(**kwargs): return replication.auth_db_snapshot_to_proto(make_snapshot_obj(**kwargs))